Bug 965826 - Some Resource adapter classes are exposing the password on its toString
Some Resource adapter classes are exposing the password on its toString
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: HornetQ (Show other bugs)
6.2.0
Unspecified Unspecified
unspecified Severity unspecified
: ER7
: EAP 6.1.1
Assigned To: Clebert Suconic
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-21 15:57 EDT by Clebert Suconic
Modified: 2013-09-16 16:26 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-16 16:26:07 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker HORNETQ-1211 Major Closed Some Resource adapter classes are exposing the password on its toString 2013-09-17 02:54:24 EDT

  None (edit)
Description Clebert Suconic 2013-05-21 15:57:59 EDT
Description of problem:

toString() with password exposed


Version-Release number of selected component (if applicable):
2.3.0.Final

How reproducible:
Always

Steps to Reproduce:
1. Look at the logs for the password exposed on the toString

Actual results:


Expected results:
password masked or hidden


Additional info:

It's a minor issue as the log should be protected with authorization requests
Comment 3 Miroslav Novak 2013-08-22 05:04:58 EDT
BZ is in incorrect state. Fix for this issue is present in EAP 6.1.1.ER7(HQ 2.3.5.Final) 

Verified be reading the code in EAP 6.1.1.ER7. Great work, Clebert!

Note You need to log in before you can comment on or make changes to this bug.